The paper presents Minerva, a novel ransomware detection approach that leverages file-based behavioral profiling to identify malicious activity. Minerva is designed to be robust against evasion attacks, with architectural and feature selection choices informed by their resilience to adversarial manipulation.
The key insights behind Minerva are:
Minerva employs a multi-tier architecture that monitors file activity across different time windows, using an ensemble of machine learning classifiers to detect malicious behavior. The paper conducts a comprehensive analysis of Minerva's performance against traditional, evasive multiprocess, and unseen ransomware, as well as adaptive ransomware specifically engineered to evade Minerva's detection. The results demonstrate Minerva's ability to accurately identify ransomware, generalize to unseen threats, and withstand evasion attacks, with remarkably low detection times.
Key insights distilled from:
by Dorjan Hitaj... at arxiv.org, 04-17-2024
https://arxiv.org/pdf/2301.11050.pdf